Legal claims defining the scope of protection, as filed with the USPTO.
1. A method of preventing unauthorized download of data to a computer having a web browser process comprising a memory heap, comprising: hooking one or more downloading functions that can be called by code executing on the computer to download data; responsive to a hooked downloading function being called by code stored in the memory heap of the web browser process, identifying a return address of the code; determining whether the return address is within the heap based at least in part on whether data of a page of memory corresponding to the return address were loaded from a file; and responsive to the return address being within the heap, performing a remedial action that prevents downloading of data by the called downloading function.
2. The method of claim 1 , wherein the hooked downloading functions include a function from the group of UrlDownloadToFileA, UrlDownloadToFileW, UrlDownloadToCacheFileA, and UrlDownloadToCacheFileW.
3. The method of claim 1 , wherein the code is downloaded over a network.
4. The method of claim 1 , wherein the remedial action comprises returning an error code to the code that called the hooked downloading function.
5. The method of claim 1 , wherein the remedial action comprises displaying an alert.
6. A computer program product having a non-transitory computer-readable storage medium storing executable computer program modules for preventing unauthorized download of data to a computer having a web browser process comprising a memory heap, the modules comprising: a hooking module for hooking one or more downloading functions that can be called by code executing on the computer to download data; a code checking module for: identifying a return address of code stored in the memory heap of the web browser process, responsive to the code calling one of the hooked downloading functions, and determining whether the return address is within the heap based at least in part on whether data of a page of memory corresponding to the return address were loaded from a file; and a remediation module for performing a remedial action that prevents downloading of data by the called downloading function, responsive to the return address being within the heap.
7. The computer program product of claim 6 , wherein the hooked downloading functions include a function from the group of UrlDownloadToFileA, UrlDownloadToFileW, UrlDownloadToCacheFileA, and UrlDownloadToCacheFileW.
8. The computer program product of claim 6 , wherein the code is downloaded over a network.
9. The computer program product of claim 6 , wherein the remedial action comprises returning an error code to the code that called the hooked downloading function.
10. The computer program product of claim 6 , wherein the remedial action comprises displaying an alert.
11. A computer adapted to prevent unauthorized download of data to a computer having a web browser process comprising a memory heap, comprising: a computer-readable storage medium storing executable computer program modules comprising: a hooking module for hooking one or more downloading functions that can be called by code executing on the computer to download data; a code checking module for: identifying a return address of code stored in the memory heap of the web browser process, responsive to the code calling one of the hooked downloading functions, and determining whether the return address is within the heap based at least in part on whether data of a page of memory corresponding to the return address were loaded from a file; and a remediation module for performing a remedial action that prevents downloading of data by the called downloading function, responsive to the return address being within the heap.
12. The computer of claim 11 , wherein the hooked downloading functions include a function from the group of UrlDownloadToFileA, UrlDownloadToFileW, UrlDownloadToCacheFileA, and UrlDownloadToCacheFileW.
13. The computer of claim 11 , wherein the code is downloaded over a network.
14. The computer of claim 11 , wherein the remedial action comprises returning an error code to the code that called the hooked downloading function.
15. The computer of claim 11 , wherein the remedial action comprises displaying an alert.
Unknown
July 24, 2012
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.